Live Data and the Cisco IdS do not host the RTMT installer. For this reason, always connect to the Cisco Unified Intelligence
Center Server and sign in to the Administration page to download the RTMT installer. You can, however, run the same RTMT client
to connect to any of the Cisco Unified Intelligence Center, Live Data, or Cisco IdS servers (standalone or coresident).

RTMT runs as a client-side application. You can install RTMT on a Windows workstation or a Linux machine. RTMT is cluster-aware. RTMT provides critical service and performance monitoring (perfmon), trace/log collection and viewing, and Alert Management on the node for the IP address you request at launch. RTMT does not provide the status of all critical applications on all the nodes at the same time.

Use RTMT to:

Monitor the health of the system by generating email alerts for objects whose values go above or below a threshold

Collect and view traces

View syslog messages

Monitor performance counters

RTMT has extensive online help. Refer to it for information on alerts, schedule collection, performance monitoring, and collecting and downloading tracing and logging data.

The RTMT Interface

The following RTMT system monitoring objects are available in the left pane of the RTMT page:

System Summary

Displays information on Virtual Memory usage, CPU usage, Common Partition usage, and the alert history log.

Server

Server objects are:

CPU and Memory - Displays information on Virtual memory usage and CPU usage for the server.

Process - Displays information on the processes running on the server.

Disk Usage - Displays information on the disk usage on the server.

Critical Services - Displays the name of the critical service, the status (whether the service is up, down, activated, stopped by the administrator, starting, stopping, or in an unknown state), and the elapsed time during which the services have existed in a particular state for the server or for a particular server in a cluster (if applicable).

The Cisco Unified Intelligence Center services are listed under the Intelligence Center tab. The Live Data and Cisco IdS services are listed, along with the System services, under the System tab.

Performance

Performance objects are:

Performance - Performance monitoring allows you to monitor performance counters related to the Unified Intelligence Center server. You can continuously monitor a set of preconfigured objects and receive notification in the form of an email message. You can associate counter threshold settings with alert notifications. You can display up to six perfmon counters in one chart for performance comparisons. You can use performance queries to add a counter to monitor. You can also save and restore settings, such as counters being monitored, threshold settings, and alert notifications, for customized troubleshooting tasks.

Download Trace and Log Files

Perform the following steps to download the trace and log files for Cisco Unified Intelligence Center, Live Data, and Cisco IdS.

Procedure

Step 1

Run RTMT to connect to the target server, then choose Tools > Trace & Log Central in the System pane.

Step 2

Click Collect Files.

Step 3

Click Next to browse through and select services and applications for which you want to collect files.

For example, you can select one or more Live Data services; the list is shown here.
Figure 1. Select LiveData Services/Applications

Step 4

When you finish selecting services and applications, you can choose either of the Collection File Options:

Absolute Range - Choose the Reference Server Time Zone from the drop-down list. Then choose the From Date/Time and the To Date/Time.

Relative Range - From the drop-down lists, choose the number of files generated and the time duration (Minutes, Hours, Days, Weeks, or Months).

Step 5

Choose the Download File Options:

Choose either the Active Partition or Inactive Partition from the drop-down list.

Browse to or provide the path to the Download File Directory.

Select the Zip Files or Do Not Zip Files option.

To remove the log files from the server, check the Delete Collected Log Files from Server check box.

Step 6

Click Finish.

View the Status of Services

Procedure

Run RTMT to connect to the target server, then choose Server > Critical Services in the System pane.

You see a number of services on the System tab, as shown in the following example.
Figure 2. RTMT Critical Services System Tab

Live Data and Cisco IdS services are also included on the System tab. To view the Unified Intelligence Center services, click the Intelligence Center tab.

When RTMT is connected to either a Unified Intelligence Center standalone server or a Cisco IdS standalone server, no services are listed on the Intelligence Center tab, as shown in the following figure.

Cisco Identity Service Alerts

You can view the Cisco Identity Service alerts from the Intelligence Center pane.

The following table describes these alerts.

Table 1.

| Alert Name | Syslog Alarm Name | Description |
| --- | --- | --- |
| IdSInitializationFailure | IDS_INIT_ERROR | This alert occurs when an error is encountered during IdS initialization. |
| IDPMetaDataLoadError | IDP_META_DATA_LOAD_ERROR | This alert occurs when the trust could not be established between IdS and IdP during initialization. |
| SPMetaDataLoadError | SP_META_DATA_LOAD_ERROR | This alert occurs when SAML SP metadata initialization fails. |
| IDPMetaDataUpdateError | IDP_META_DATA_UPDATE_ERROR | This alert occurs when there is an error updating IdP metadata and propagating across the cluster. |
| SPMetaDataUpdateError | SP_META_DATA_UPDATE_ERROR | This alert occurs when SAML SP certificate regeneration fails. |
| TokenMetaDataUpdateError | TOKEN_META_DATA_UPDATE_ERROR | This alert occurs when TOKEN Keystore regeneration or update fails. |
| IdSSecurityConfigNotPresent | IDS_SECURITY_CONFIG_NOT_PRESENT | This alert occurs when some IdS security configuration files are not present on the secondary node. |
| IdSSecurityConfigPullFailure | IDS_SECURITY_CONFIG_PULL_FAILURE | This alert occurs when the security config could not be pulled from the primary IdS node. |
| SAMLCertificateLoadFailed | SAML_CERTIFICATE_LOAD_FAILED | This alert occurs when the system is unable to read the SAML SP certificate. |
| IdSStateNotConfigured | STATE_NOT_CONFIGURED | This alert occurs when the trust between IdS node and IdP is yet to be established or when the IdS configuration could not be synchronized from the master node. |
| IdSStateOutOfService | STATE_OUT_OF_SERVICE | This alert occurs whenever a system error results in the IdS Application failing to start. |

Note

To view or edit values for any alert, right-click the alert and select Set Alert/Properties.
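
A triage pass over collected log lines for the syslog alarm names in Table 1, as an added example that is not part of the Cisco documentation. The function name and the sample lines are constructed for illustration; the page does not show the real syslog layout, so the scan only assumes that the alarm name appears as a whole token in the line.

```python
import re

# Syslog alarm name -> RTMT alert name, copied from Table 1 on this page.
IDS_ALARMS = {
    "IDS_INIT_ERROR": "IdSInitializationFailure",
    "IDP_META_DATA_LOAD_ERROR": "IDPMetaDataLoadError",
    "SP_META_DATA_LOAD_ERROR": "SPMetaDataLoadError",
    "IDP_META_DATA_UPDATE_ERROR": "IDPMetaDataUpdateError",
    "SP_META_DATA_UPDATE_ERROR": "SPMetaDataUpdateError",
    "TOKEN_META_DATA_UPDATE_ERROR": "TokenMetaDataUpdateError",
    "IDS_SECURITY_CONFIG_NOT_PRESENT": "IdSSecurityConfigNotPresent",
    "IDS_SECURITY_CONFIG_PULL_FAILURE": "IdSSecurityConfigPullFailure",
    "SAML_CERTIFICATE_LOAD_FAILED": "SAMLCertificateLoadFailed",
    "STATE_NOT_CONFIGURED": "IdSStateNotConfigured",
    "STATE_OUT_OF_SERVICE": "IdSStateOutOfService",
}

# Match an alarm name only as a whole token (no letter, digit or underscore on
# either side), so a longer identifier that merely contains one is not counted.
ALARM_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(IDS_ALARMS) + r")(?![A-Za-z0-9_])"
)

def summarize_ids_alarms(lines):
    """Return {alert_name: {alarm, count, first_line, last_line}} in order seen."""
    summary = {}
    for lineno, line in enumerate(lines, start=1):
        for alarm in ALARM_RE.findall(line):
            entry = summary.setdefault(
                IDS_ALARMS[alarm], {"alarm": alarm, "count": 0, "first_line": lineno}
            )
            entry["count"] += 1
            entry["last_line"] = lineno
    return summary

# Constructed sample lines (hypothetical layout, not real Cisco IdS output).
SAMPLE_LINES = [
    "Mar 03 10:15:02 ids-a local7 3 : IDP_META_DATA_LOAD_ERROR trust not established",
    "Mar 03 10:15:09 ids-a local7 6 : metric LAST_STATE_NOT_CONFIGURED_AT=0",
    "Mar 03 10:16:40 ids-b local7 3 : IDS_SECURITY_CONFIG_PULL_FAILURE from primary",
    "Mar 03 10:17:01 ids-a local7 3 : IDP_META_DATA_LOAD_ERROR retry failed",
    "Mar 03 10:17:30 ids-a local7 4 : [STATE_NOT_CONFIGURED] waiting for IdP",
]

if __name__ == "__main__":
    for alert, info in summarize_ids_alarms(SAMPLE_LINES).items():
        print(alert, info)
```

The line numbers in the result point back into the collected file, which helps order related failures such as a metadata load error followed by a not-configured state.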

View Performance Counters

Procedure

Run RTMT to connect to the target server, then choose Performance > Performance in the System pane.

Figure 5. RTMT Performance Interface

Disaster Recovery

The Disaster Recovery System includes the following capabilities:

A user interface for performing backup and restore tasks.

A distributed system architecture for performing backup functions.

Scheduled backups or manual (user-invoked) backups.

To back up and restore a Unified Intelligence Center standalone or coresident (Unified Intelligence Center, Live Data, and Cisco IdS) server, see the Administration Console User Guide for Cisco Unified Intelligence Center at https://www.cisco.com/en/US/products/ps9755/prod_maintenance_guides_list.html. The procedures in the Disaster Recovery System chapter in this document also apply to the Live Data standalone or the Cisco IdS standalone server.